@evomap/evolver has an unbounded request body in proxy /asset/submit that causes persistent disk-exhaustion DoS

Summary The EvoMap proxy daemon's HTTP body parser accepts requests of any size, and the POST /asset/submit route persists the full request body — verbatim and uncapped — as a JSONL line in /messages.jsonl. An unauthenticated local attacker other local user, container neighbor, or malicious npm...

GHSA-7XP7-M392-H92C @evomap/evolver has an unbounded request body in proxy /asset/submit that causes persistent disk-exhaustion DoS

Summary The EvoMap proxy daemon's HTTP body parser accepts requests of any size, and the POST /asset/submit route persists the full request body — verbatim and uncapped — as a JSONL line in /messages.jsonl. An unauthenticated local attacker other local user, container neighbor, or malicious npm...

Allocation of Resources Without Limits or Throttling

Overview @evomap/evolver is an A GEP-powered self-evolution engine for AI agents. Features automated log analysis and Genome Evolution Protocol GEP for auditable, reusable evolution assets. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling vi...

CVE-2026-7697

A vulnerability was determined in AMTT Hotel Broadband Operation System 1.0. Affected is an unknown function of the file /manager/card/cardhandsubmit.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: In the blkzonewplugbiowork function, do not use submitbionoacctnocheck. Queues of zone write operations have already gone through all preparations in the submitbio path, including freeze protection. Submitting these operations...

CVE-2026-7697

A vulnerability was determined in AMTT Hotel Broadband Operation System 1.0. Affected is an unknown function of the file /manager/card/cardhandsubmit.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly...

CVE-2026-7697

A vulnerability was determined in AMTT Hotel Broadband Operation System 1.0. Affected is an unknown function of the file /manager/card/cardhandsubmit.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly...

CVE-2026-7697 AMTT Hotel Broadband Operation System cardhand_submit.php sql injection

A vulnerability was determined in AMTT Hotel Broadband Operation System 1.0. Affected is an unknown function of the file /manager/card/cardhandsubmit.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly...

EUVD-2026-26835

A vulnerability was determined in AMTT Hotel Broadband Operation System 1.0. Affected is an unknown function of the file /manager/card/cardhandsubmit.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly...

CVE-2026-7697

CVE-2026-7697 affects AMTT Hotel Broadband Operation System 1.0. Affected component: /manager/card/cardhand_submit.php where an argument ID enables a SQL injection. Reported remote exploitation with a publicly disclosed exploit; vendor did not respond. CVSS metrics indicate NETWORK access, LOW im...

CVE-2026-5063

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via POST parameter key names in the submitnexform function in versions up to, and including, 9.1.11 due to insufficient input sanitization and output escaping. This makes it...

PT-2026-36700

A vulnerability was determined in AMTT Hotel Broadband Operation System 1.0. Affected is an unknown function of the file /manager/card/cardhand submit.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly...

AMTT Hotel Broadband Operation System 注入漏洞

AMTT Hotel Broadband Operation System is a hotel broadband operation system developed by AMTT Corporation. Version 1.0 of the AMTT Hotel Broadband Operation System contains a injection vulnerability. This vulnerability arises from the operation of unknown functions on parameters ID in the file...

CVE-2025-14726

The CVE concerns the Widgets for Social Photo Feed plugin for WordPress. All versions up to 1.8 expose two REST API endpoints—/trustindex_feed_hook_instagram/troubleshooting and /trustindex_feed_hook_instagram/submit-data—without a required capability check, enabling unauthenticated access and mo...

Linux Distros Unpatched Vulnerability : CVE-2026-31757

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: usb: misc: usbio: Fix URB memory leak on submit failure When usbsubmiturb fails in usbioprob...

PT-2026-36564

Name of the Vulnerable Software and Affected Versions Widgets for Social Photo Feed versions prior to 1.9 Description Missing capability checks on the '/trustindex feed hook instagram/troubleshooting' and '/trustindex feed hook instagram/submit-data' REST API endpoints allow unauthenticated...

CVE-2026-31757 usb: misc: usbio: Fix URB memory leak on submit failure

In the Linux kernel, the following vulnerability has been resolved: usb: misc: usbio: Fix URB memory leak on submit failure When usbsubmiturb fails in usbioprobe, the previously allocated URB is never freed, causing a memory leak. Fix this by jumping to errfreeurb label to properly release the UR...

EUVD-2026-26570

In the Linux kernel, the following vulnerability has been resolved: usb: misc: usbio: Fix URB memory leak on submit failure When usbsubmiturb fails in usbioprobe, the previously allocated URB is never freed, causing a memory leak. Fix this by jumping to errfreeurb label to properly release the UR...

CVE-2026-31757

CVE-2026-31757 affects the Linux kernel USB subsystem (usbio). The issue is a memory leak where, if usb_submit_urb() fails during device probing (usbio_probe()), the previously allocated URB is not freed. The fix directs control flow to an error path (err_free_urb) to properly release the URB and...

CVE-2026-31757

In the Linux kernel, the following vulnerability has been resolved: usb: misc: usbio: Fix URB memory leak on submit failure When usbsubmiturb fails in usbioprobe, the previously allocated URB is never freed, causing a memory leak. Fix this by jumping to errfreeurb label to properly release the UR...